DoD Implementation Guide for CAC PIV End-Point - Common ...
DoD Implementation Guide for CAC PIV End-Point
2.3 PIV and CAC Components
Figure 1 below provides a logical representation of the PIV Transitional and End-Point on the CAC platform. The upper square represents a DoD computer hosting CAC or PIV applications and middleware. The two cards beneath it represent an End-Point and a Transitional card.
The right card illustrates the CAC Transitional, which leverages the existing GSC-IS 2.1 [GSC-IS] BSI and card edge to serve existing CAC and CAC Transitional applications.
The left card illustrates the DoD CAC End-Point card. A PIV host application will use the PIV for physical or logical access, communicating via the SP 800-73-1 interfaces in the Transitional and the API for the End-Point.
Figure 1. Sample CAC and PIV components
[Figure not reproduced. Labels recoverable from the diagram: Host PC; PIV End-Point Application; CAC Client Application; CAC Middleware; Service Provider Software (SPS); PIV End-Point API; PIV End-Point APDU; Existing GSC-IS v2.1 BSI (Basic Services Interface); Existing Applet Command Interface; GSC-IS v2.1 Virtual Card Edge Interface (VCEI); CAC PIV End-Point Smart Card; PIV EP Card Edge; CCC; CHUID; PIV Auth Key; Fingerprints; Facial Image; Security Object; DoD PIV CAC; CAC Transitional Smart Card; Transitional Card Edge; CAC Identity key; CAC Encrypt. Key; CAC Signature Key; Trans Objs; PIV CAC; CAC Trans.]
3 DATA MODEL DISCOVERY
The data model version number was intended to correspond to the scope and version of data objects. However, in current discussions regarding SP 800-73-2 this does not appear to be the case.